Phosphorus, an extended Internet of Things (xIoT) security company, has launched Phosphorus Labs, its new global security research division, according to a prepared statement.
In addition, Phosphorus released its first xIoT Threat & Trend Report, which encapsulates five years of security research and device testing. Phosphorus noted that its research is based on the analysis of millions of xIoT devices deployed in corporate network environments across leading verticals.
Phosphorus’ Focus on xIoT Research
Comprised of leading experts in IoT, OT and IT security, Phosphorus Labs will focus exclusively on advanced xIoT threat research, security analysis and device-based threat assessments. The effort, says Phosphorus, will enable businesses to build more robust and mature security programs for today’s evolving cyber threat landscape.
Phosphorus CEO and founder Chris Rouland explained the inspiration behind the company’s new Labs division:
“Security research has been central to Phosphorus’s mission, ever since day one. Through our new Labs division, we are significantly expanding the company’s current research efforts to include more in-depth security testing and analysis of enterprise IoT, OT and network devices. We will also continue to grow our unique field research program, which collects key intelligence on active threats and security risks to xIoT devices already deployed in enterprise networks.”
A Closer Look at Phosphorus Labs
To collect accurate, real-time data on current security issues and threats, Phosphorus Labs’ research includes:
- In-depth xIoT device analysis
- Penetration testing
- Vulnerability research
- Regular interrogations of actively deployed xIoT devices
Phosphorus said it aims to provide “the industry’s most advanced and comprehensive understanding of the unique xIoT attack surface, coding challenges, design limitations, vulnerabilities, exploit methods, and security risks for every important xIoT device in use among enterprises today. This will allow companies to put in place more robust cybersecurity defenses to protect against potential threats.”
As Brian Contos, Phosphorus’ chief security officer, explained:
“The purpose behind Phosphorus Labs is not to create yet another vulnerability research program. xIoT vulnerabilities are a dime a dozen. While they often make a lot of noise in the news media, what is more important from a security standpoint is that we learn how to prevent these attacks by hardening devices and reducing their attack surface. Vulnerabilities will come and go, but device-level security should be consistent.”
MSSPs and MSPs can join Phosphorus’ partner program to integrate the company’s xIoT platform into their offerings. Along with MCS and EverSec, Phosphorus’ partners include Optiv, a security solutions integrator and Top 250 MSSP, and cybersecurity services company Defy Security.
xIoT Report Provides Guide to Current Threats
In its new xIoT Threat & Trend Report, Phosphorus Labs gives an overview of the top security problems facing today’s enterprise-level IoT, OT and network devices. The report includes key findings from the company’s five years of field research and testing — “to help enterprise security teams better understand the risks posed by xIoT devices.”
Some of Phosphorus Labs’ security findings include:
- 99% of xIoT device passwords are out of compliance with best practices
- 68% of xIoT devices have high-risk or critical vulnerabilities (CVSS score of 8-10)
- 80% of security teams can’t identify the majority of their xIoT devices
Phosphorus notes that the report also highlights specific xIoT devices that enterprise security teams need to pay special attention to. Correspondingly, Phosphorus Labs’ “Top 10 Worst xIoT Offenders” list includes several high-risk devices that are often overlooked. These include server racks/cabinets and KVM switches, as well as s office devices which are easy to exploit, such as connected printers and VoIP phone systems.
